From owner-freebsd-isdn Mon Jan 4 21:11:28 1999
To: freebsd-isdn@FreeBSD.ORG
From: dirk.meyer@dinoex.sub.org (Dirk Meyer)
Organization: privat
Subject: Re: regexp program
Date: Tue, 05 Jan 1999 04:53:19 +0100
References: <199901041906.UAA01275@yedi.iaf.nl> <19990104204911.B5702@hcswork.hcs.de>
Sender: owner-freebsd-isdn@FreeBSD.ORG

Hellmuth Michaelis wrote in reply to Wilko Bulte:

> > In that respect I'd say it might make sense to not execute
> > the regprog as root.
> > It looks like isdnd/exec.c just execs whatever you feed it.
> > Maybe a setuid(nobody)
> > first?
>
> Something like that - on the other side: who should be permitted to access
> /dev/i4b* and wouldn't it be appropriate at this time to add group "isdn"
> to /etc/groups?

The regexp program (I don't use any at this time) may want to signal the isdnd/route/natd new information. If this is the case, it can't run as nobody.
I see the problem with the answering machine or similar programs. They have to access the ISDN data, but I would not like to run them under root permanently.

> I really didn't think about all this stuff much, what do other people
> think about that?
> Thoughts, comments?

First, is there any reason i4b must run as root instead of as a dedicated user? It might be possible that all i4b devices could be owned by this user. All programs and scripts could be executed under this user; root will still have access for administration or emergency.

[not fully related]
BTW, instead of using rc.isdn versus rc.isdn.ppp I start my raw devices with /etc/start.ipr0 and my ppp links with a separate script /usr/local/etc/rc.d/91-isp0.sh (mode 700) which feeds the route and accounting data. Where do you put your accounting passwords?

kind regards Dirk

--
Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany
-- Tel. +49-5606-6512 .
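
Added example, not part of the original message and not code from isdnd/exec.c: a sketch of the idea discussed in this thread, dropping from root to a dedicated account in the child process before exec'ing a helper program. The function names and the account name passed in (for instance a dedicated "isdn" user) are assumptions.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* glibc: expose initgroups() */
#endif
#include <grp.h>
#include <pwd.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently switch the calling process to `user`.
 * Returns 0 on success, -1 on any failure (caller must then not exec). */
int drop_privileges(const char *user)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL)
        return -1;                              /* unknown account */
    /* Order matters: groups and gid while still root, uid last. */
    if (initgroups(pw->pw_name, pw->pw_gid) != 0)
        return -1;
    if (setgid(pw->pw_gid) != 0)
        return -1;
    if (setuid(pw->pw_uid) != 0)
        return -1;
    /* Confirm the drop is irreversible: regaining uid 0 must fail. */
    if (pw->pw_uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

/* Fork, drop to `user` in the child, then exec argv[0].
 * Returns the child's exit status, or -1 on fork/wait failure.
 * 126 = privilege drop failed, 127 = exec failed. */
int run_as(const char *user, char *const argv[])
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (drop_privileges(user) != 0)
            _exit(126);       /* never fall through to exec as root */
        execv(argv[0], argv);
        _exit(127);
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

Because the drop happens only in the child, the parent daemon keeps its own privileges; a helper that must signal a root-owned process would need another channel, which is the limitation raised in the message above.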